IBM Security in the Cloud


Cesare Radaelli, Security Tiger Team Leader, Italy, IBM Security Solutions

IBM Security in the Cloud

What is cloud computing?

Cloud is an emerging consumption and delivery model for many IT-based services, in which the user sees only the service and has no need to know anything about the technology or implementation.

Attributes:
- Standardized, consumable web-delivered services
- Service Catalog Ordering
- Flexible pricing
- Metering & Billing
- Elastic scaling
- Rapid provisioning
- Advanced virtualization

VISIBILITY, CONTROL, AUTOMATION: service oriented and service managed in a secure environment.

In the Cloud, a single web connection may control an entire data center.

What is Cloud Security?

Confidentiality, integrity, availability of business-critical IT assets stored or processed on a cloud computing platform.

[Diagram labels: Cloud Computing, Software as a Service, Utility Computing, Grid Computing]

"There is nothing new under the sun but there are lots of old things we don't know." Ambrose Bierce, The Devil's Dictionary

Why is security important?

Security enables companies to pursue new, more efficient IT business models.

[Diagram labels, in three groups:
Strategic Outsourcing; Global Outsourcing; Grid Computing; Service Oriented Architecture; Web 2.0 Collaboration; Virtualization; Cloud Computing
Vendor Trust; Legislative Boundaries; Distributed Infrastructure Risks; Web Threats; Data Leakage; Shared Infrastructure
SLAs; International Standards; Availability, Resiliency Security; Web Security; Data Leakage Prevention; Isolation Technologies]

Cloud Computing is a natural evolution of the evolving IT paradigms listed above. A variety of security technologies, processes, procedures, laws, and trust models are required to secure the cloud. There is no silver bullet!

Cloud Security 101: Simple Example

TODAY: We Have Control
- It's located at X.
- It's stored in servers Y, Z.
- We have backups in place.
- Our admins control access.
- Our uptime is sufficient.
- The auditors are happy.
- Our security team is engaged.

TOMORROW ???: Who Has Control?
- Where is it located?
- Where is it stored?
- Who backs it up?
- Who has access?
- How resilient is it?
- How do auditors observe?
- How does our security team engage?

Lesson Learned: We have responded to these questions before. Clouds demand fast, responsive, agile answers.

Recent Analyst Reports Confirm General Concerns, But Also Highlight Security as a Potential Market Differentiator

"Securing your applications or data when they live in a cloud provider's infrastructure is a complicated issue because you lack visibility and control over how things are being done inside someone else's network." Forrester, 5/09

"Large enterprises should generally avoid placing sensitive information in public clouds, but concentrate on building internal cloud and hybrid cloud capabilities in the near term." Burton, 7/09

"Cloud approaches offer a unique opportunity to shift a substantial burden for keeping up with threats to a provider for whom security may well be part of the value proposition." EMA, 2/09

Gartner's 7/09 Hype Curve for Cloud Computing positions Cloud Security Concerns in the early phase (technology trigger, will rise), and gives it a time horizon of 5-10 years.

"Highly regulated or sensitive proprietary information should not be stored or processed in an external public cloud-based service without appropriate visibility into the provider's technology and processes and/or the use of encryption and other security mechanisms to ensure the appropriate level of information protection." Gartner, 7/09

Security as a Potential Market Differentiator: Different Workloads Have Different Risk Profiles

[Chart: Need for Security Assurance (Low to High) against Business Risk (Low-risk, Mid-risk, High-risk). Labels: Public, Hybrid, Private. Example workloads: training, testing with non-sensitive data; analysis & simulation with public data; mission-critical workloads, personal information.]

High value / high risk workloads need:
- Quality of protection adapted to risk
- Direct visibility and control
- Significant level of assurance

Today's clouds are primarily here:
- Lower risk workloads
- One-size-fits-all approach to data protection
- No significant assurance
- Price is key

October 09 EDC Report: Cloud Player Strengths (Security)

IBM is ready to help in securing the cloud

[Diagram labels: Smart Planet, Dynamic Infrastructure, GTS, ITS, GBS, IBM Research]

The IBM Security Framework: Comprehensive Risk and Compliance Management

- 15,000 researchers, developers, and SMEs on security initiatives
- 3000+ security & risk management patents
- 200+ security customer references and 50+ published case studies
- $1.5 Billion security spend in 2008
- Managing more than 7 Billion security events per day for clients

Gartner reports on security risks of cloud computing that map directly to the IBM Security Framework:

- Privileged User Access
- Data Segregation
- Data Recovery
- Investigative Support
- Regulatory Compliance
- Data Location
- Disaster Recovery

Source: Gartner, Assessing the Security Risks of Cloud Computing, June 2008

Tivoli Access Manager (TAM)

Framework area: People and Identity
Risk addressed: Privileged User Access. Separation of administrative and user roles in a cloud environment.

Cloud Use Case: Provides validation and processing of user identity information. Addresses the need for authentication of users within the cloud ecosphere. Defines and manages centralized authentication, access and audit policy with access management.

[Diagram labels: Service Requestor, Service Provider, Service Management, Systems and Image Management, TAM, Computing Infrastructure (Systems, Network, Storage)]

Tivoli Federated Identity Manager (TFIM)

Risk addressed: Cloud Identity Federation. Single access method for users into cloud and traditional applications.

Cloud Use Case: In massively parallel, cloud-computing infrastructures, TFIM enables trust between SOA-based initiatives by connecting users to services across business domains and helps enterprises strengthen and automate user access rights.

[Diagram labels: 3rd Party Cloud, Service Requestor, Service Provider, Service Management, Systems and Image Management, TFIM, Computing Infrastructure (Systems, Network, Storage)]

IBM Rational AppScan & IBM ISS Vulnerability Assessment Services

Framework area: Application and Process
Risk addressed: Compliance and Auditing. Vulnerability and compliance checking of cloud applications.

Summary: IBM Rational AppScan scans and tests for common Web application vulnerabilities including SQL-Injection, Cross-Site Scripting and Buffer Overflow. IBM ISS Professional Security Services performs automated scans to identify operating systems, apps, and their respective vulnerabilities.

Cloud Use Case: External or internal testing of cloud applications and their hosted infrastructure. Delivered as components for integration into the cloud or as a hosted service via the cloud.

[Diagram labels: IBM Rational AppScan, ISS Vulnerability Scanning, Business Applications (Email, CRM, DB, SaaS, BPM), Host, Computing Infrastructure (Systems, Network, Storage)]

IBM ISS Security Event and Log Management Service (SELM)

Risk addressed: Investigative Support. Ability to inspect and audit a cloud provider's logs and records.

Summary: The IBM ISS Security Event and Log Management Service enables corporations to compile event and log files from network applications and operating systems, as well as security technologies, into one seamless platform administered from an easy-to-use Web portal.

Cloud Use Case: Improves the speed of conducting security investigation and archives forensically-sound data, admissible as evidence in a court of law, for a period up to seven years.

[Diagram labels: Computing Infrastructure (Systems, Storage, Network, Apps), LOG, IBM ISS Security Event & Log Management Services]

IBM Enterprise Security Solutions

Framework area: Network, Server and Endpoint
Risk addressed: Enterprise Security. Security for existing IT infrastructure as it extends to the cloud.

Summary: IBM ISS security products and services driven by X-Force research, Tivoli Security Software to reduce cost and risk, and IBM Systems work together to create a highly secure computing environment that minimizes the potential risk posed by security threats.

Cloud Use Case: Our end-to-end solutions allow customers to build a strong security posture, positioning them to reap the rewards of emerging trends such as cloud computing.

[Diagram labels: Systems Security, Software Security, Network Security, Security Services]

IBM Systems and IBM ISS Virtualization Security

Risk addressed: Virtualization Security. Security for pools of high performance virtualized resources.

Summary: IBM offers the industry's broadest set of virtualization capabilities. Relying on over 40 years of heritage and attention to security, IBM virtualization platforms are built with security as a requirement, not an afterthought. Solutions from IBM ISS, such as Proventia Server and virtual appliances, strengthen defenses by eliminating additional threats.

Cloud Use Case: Security of the virtualization stack, enabling flexible, rapid provisioning across heterogeneous servers and hypervisors.

[Diagram labels: Service Requestor, Service Provider, Service Management, Systems and Image Management, Computing Infrastructure (Systems, Storage), Virtual Network]

IBM Security Solutions is positioned to help secure Cloud Computing in 3 areas

1. Cloud Security Consulting
IBM Strategy Mapping: Define, invest in, and develop Cloud Consulting Services.
Offer IBM professional security services to clients engaging in cloud initiatives. Examples:
- Penetration testing
- Information security assessment
- Protection policy and standards development

2. Cloud Security Products: technologies in support of cloud computing
IBM Strategy Mapping: Develop a Standardized Cloud Implementation methodology with supporting technologies.
Develop products and technologies to protect cloud infrastructures and their tenants. Examples:
- Scalable chassis-based solutions
- Virtual appliances
- Integrated virtualization security
- Integrated server protection
- Proventia enhancements to better comprehend clouds (mobility, multi-tenancy)

3. Smart business Security Services
IBM Strategy Mapping: Develop and extend selected ITS Managed Services offerings.
Leverage the cloud as a delivery mechanism for IBM security services. Examples:
- Vuln management service
- Email scrubbing service
- Web content filtering service
- Security event log management
- X-Force threat analysis service
- Alliances with 3rd party services

[Diagram labels: Securing Cloud Infrastructures; Security from an IBM ISS Cloud]

IBM Security in the Cloud

Cesare Radaelli, Security Tiger Team Leader, Italy, IBM Security Solutions
cesare.radaelli@it.ibm.com